dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

csrf7 test cases added

Browse Source
This commit is contained in:
Rene Zubcevic
2019-10-14 06:40:42 +02:00
committed by Nanne Baars
parent e932253f06
commit 00873cfe3f
2 changed files with 14 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
webgoat-lessons/csrf/src/main/java/org/owasp/webgoat/csrf/CSRFFeedback.java
View File

@ -68,7 +68,7 @@ public class CSRFFeedback extends AssignmentEndpoint {
} catch (IOException e) {
return failed().feedback(ExceptionUtils.getStackTrace(e)).build();
}
boolean correctCSRF = requestContainsWebGoatCookie(request.getCookies()) && request.getContentType().equals(MediaType.TEXT_PLAIN_VALUE);
boolean correctCSRF = requestContainsWebGoatCookie(request.getCookies()) && request.getContentType().contains(MediaType.TEXT_PLAIN_VALUE);
correctCSRF &= hostOrRefererDifferentHost(request);
if (correctCSRF) {
String flag = UUID.randomUUID().toString();
@ -89,8 +89,8 @@ public class CSRFFeedback extends AssignmentEndpoint {
}
private boolean hostOrRefererDifferentHost(HttpServletRequest request) {
String referer = request.getHeader("referer");
String host = request.getHeader("host");
String referer = request.getHeader("Referer");
String host = request.getHeader("Host");
if (referer != null) {
return !referer.contains(host);
} else {